Details of VAR-200611-0066

ID

VAR-200611-0066

CVE

CVE-2006-5720

TITLE

Francisco Burzi PHP-Nuke of Journal In module SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2006-001489

DESCRIPTION

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 and prior versions are vulnerable. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: PHP-Nuke "forwhat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA22617 VERIFY ADVISORY: http://secunia.com/advisories/22617/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "forwhat" parameter in modules/journal/search.php is not properly sanitised, before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 7.9. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Paisterist ORIGINAL ADVISORY: http://www.neosecurityteam.net/index.php?action=advisories&id=29 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5720 // JVNDB: JVNDB-2006-001489 // BID: 20829 // VULHUB: VHN-21828 // PACKETSTORM: 51543

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.9	Trust: 1.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.7	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.2	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.4	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.3	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.6	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.5	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.8	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.9	Trust: 0.6
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.9	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.8	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.7	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.6	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.5	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.4	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.3	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.0	Trust: 0.3

sources: BID: 20829 // JVNDB: JVNDB-2006-001489 // CNNVD: CNNVD-200611-046 // NVD: CVE-2006-5720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-5720
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-5720
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200611-046
value:	HIGH
Trust: 0.6
VULHUB:	VHN-21828
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-5720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-21828
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-21828 // JVNDB: JVNDB-2006-001489 // CNNVD: CNNVD-200611-046 // NVD: CVE-2006-5720

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-046

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 51543 // CNNVD: CNNVD-200611-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001489

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-21828

PATCH

title:

Top Page

url:

http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001489

EXTERNAL IDS

db:	NVD	id:	CVE-2006-5720	Trust: 2.5
db:	BID	id:	20829	Trust: 2.0
db:	SECUNIA	id:	22617	Trust: 1.8
db:	VUPEN	id:	ADV-2006-4295	Trust: 1.7
db:	SREASON	id:	1812	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-001489	Trust: 0.8
db:	CNNVD	id:	CNNVD-200611-046	Trust: 0.7
db:	BUGTRAQ	id:	20061031 PHP-NUKE <= 7.9 JOURNAL MODULE (SEARCH.PHP) "FORWHAT" SQL INJECTION VULNERABILITY	Trust: 0.6
db:	XF	id:	29940	Trust: 0.6
db:	SEEBUG	id:	SSVID-82429	Trust: 0.1
db:	EXPLOIT-DB	id:	28885	Trust: 0.1
db:	VULHUB	id:	VHN-21828	Trust: 0.1
db:	PACKETSTORM	id:	51543	Trust: 0.1

sources: VULHUB: VHN-21828 // BID: 20829 // JVNDB: JVNDB-2006-001489 // PACKETSTORM: 51543 // CNNVD: CNNVD-200611-046 // NVD: CVE-2006-5720

REFERENCES

url:	http://www.securityfocus.com/bid/20829	Trust: 1.7
url:	http://secunia.com/advisories/22617	Trust: 1.7
url:	http://securityreason.com/securityalert/1812	Trust: 1.7
url:	http://www.neosecurityteam.net/index.php?action=advisories&id=29	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/450183/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/4295	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/29940	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5720	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5720	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/29940	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/450183/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/4295	Trust: 0.6
url:	http://www.phpnuke.org	Trust: 0.3
url:	/archive/1/450183	Trust: 0.3
url:	http://www.neosecurityteam.net/index.php?action=advisories&id=29	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/products/48/?r=l	Trust: 0.1
url:	http://secunia.com/product/2385/	Trust: 0.1
url:	http://secunia.com/advisories/22617/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/15/?r=l	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-21828 // BID: 20829 // JVNDB: JVNDB-2006-001489 // PACKETSTORM: 51543 // CNNVD: CNNVD-200611-046 // NVD: CVE-2006-5720

CREDITS

Paisterist is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 20829 // CNNVD: CNNVD-200611-046

SOURCES

db:	VULHUB	id:	VHN-21828
db:	BID	id:	20829
db:	JVNDB	id:	JVNDB-2006-001489
db:	PACKETSTORM	id:	51543
db:	CNNVD	id:	CNNVD-200611-046
db:	NVD	id:	CVE-2006-5720

LAST UPDATE DATE

2024-08-14T15:09:37.614000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-21828	date:	2018-10-17T00:00:00
db:	BID	id:	20829	date:	2006-11-01T15:37:00
db:	JVNDB	id:	JVNDB-2006-001489	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200611-046	date:	2006-11-07T00:00:00
db:	NVD	id:	CVE-2006-5720	date:	2018-10-17T21:44:16.567

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-21828	date:	2006-11-04T00:00:00
db:	BID	id:	20829	date:	2006-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2006-001489	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	51543	date:	2006-11-01T21:33:49
db:	CNNVD	id:	CNNVD-200611-046	date:	2006-11-03T00:00:00
db:	NVD	id:	CVE-2006-5720	date:	2006-11-04T01:07:00